Merge pull request #97 from lionick/add_claims_oauth_resource

Add claims for OAuth 2.0 Protected Resource

Author: rohe

src/idpyoidc/client/claims/oauth2resource.py

@@ -0,0 +1,46 @@
+from typing import Optional
+
+from idpyoidc.client import claims
+from idpyoidc.message.oauth2 import OAuthProtectedResourceRequest
+from idpyoidc.client.claims.transform import array_or_singleton
+
+class Claims(claims.Claims):
+    _supports = {
+        "resource": None,
+        "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
+        "scopes_supported": [],
+        "authorization_servers": [],
+        "bearer_methods_supported": [],
+        "resource_documentation": None,
+        "resource_signing_alg_values_supported": [],
+        "resource_encryption_alg_values_supported": [],
+        "resource_encryption_enc_values_supported": [],
+        "client_registration_types": [],
+        "organization_name": None,
+        "resource_policy_uri": None,
+        "resource_tos_uri": None
+    }
+
+    callback_path = {}
+
+    callback_uris = ["redirect_uris"]
+
+    def __init__(self, prefer: Optional[dict] = None, callback_path: Optional[dict] = None):
+        claims.Claims.__init__(self, prefer=prefer, callback_path=callback_path)
+
+    def create_registration_request(self):
+        _request = {}
+        for key, spec in OAuthProtectedResourceRequest.c_param.items():
+            _pref_key = key
+            if _pref_key in self.prefer:
+                value = self.prefer[_pref_key]
+            elif _pref_key in self.supports():
+                value = self.supports()[_pref_key]
+            else:
+                continue
+
+            if not value:
+                continue
+
+            _request[key] = array_or_singleton(spec, value)
+        return _request

src/idpyoidc/client/service.py

@@ -262,9 +262,16 @@ def construct(self, request_args: Optional[dict] = None, **kwargs):
         _args = self.gather_request_args(**request_args)
 
         # logger.debug("kwargs: %s" % sanitize(kwargs))
+
+        # we must check if claims module is idpyoidc.client.claims.oauth2recource as
+        # in that case we don't want to set_defaults like application_type etc.
+        obj = self.upstream_get("context").claims
         # initiate the request as in an instance of the self.msg_type
         # message type
-        request = self.msg_type(**_args)
+        if(obj.__class__.__module__ == "idpyoidc.client.claims.oauth2resource"):
+            request = self.msg_type(**_args, set_defaults=False)
+        else:
+            request = self.msg_type(**_args)
 
         _behaviour_args = kwargs.get("behaviour_args")
         if _behaviour_args:

src/idpyoidc/client/service_context.py

@@ -18,6 +18,7 @@
 from idpyoidc.claims import claims_dump
 from idpyoidc.claims import claims_load
 from idpyoidc.client.claims.oauth2 import Claims as OAUTH2_Specs
+from idpyoidc.client.claims.oauth2resource import Claims as OAUTH2RESOURCE_Specs
 from idpyoidc.client.claims.oidc import Claims as OIDC_Specs
 from idpyoidc.client.configure import Configuration
 from idpyoidc.util import rndstr
@@ -133,6 +134,8 @@ def __init__(
             self.claims = OIDC_Specs()
         elif client_type == "oauth2":
             self.claims = OAUTH2_Specs()
+        elif client_type == "oauth2resource":
+            self.claims = OAUTH2RESOURCE_Specs()
         else:
             raise ValueError(f"Unknown client type: {client_type}")
 

src/idpyoidc/message/oauth2/__init__.py

@@ -636,6 +636,22 @@ class TokenRevocationErrorResponse(ResponseMessage):
     c_allowed_values = ResponseMessage.c_allowed_values.copy()
     c_allowed_values.update({"error": ["unsupported_token_type"]})
 
+class OAuthProtectedResourceRequest(Message):
+    c_param = {
+        "resource": SINGLE_REQUIRED_STRING,
+        "authorization_servers": OPTIONAL_LIST_OF_STRINGS,
+        "jwks_uri": SINGLE_OPTIONAL_STRING,
+        "resource_documentation": SINGLE_OPTIONAL_STRING,
+        "scopes_supported": OPTIONAL_LIST_OF_STRINGS,
+        "bearer_methods_supported": OPTIONAL_LIST_OF_STRINGS,
+        "resource_signing_alg_values_supported": OPTIONAL_LIST_OF_STRINGS,
+        "resource_encryption_alg_values_supported": OPTIONAL_LIST_OF_STRINGS,
+        "resource_encryption_enc_values_supported": OPTIONAL_LIST_OF_STRINGS,
+        "client_registration_types": OPTIONAL_LIST_OF_STRINGS,
+        "organization_name": SINGLE_OPTIONAL_STRING,
+        "resource_policy_uri": SINGLE_OPTIONAL_STRING,
+        "resource_tos_uri": SINGLE_OPTIONAL_STRING
+    }
 
 def factory(msgtype, **kwargs):
     """